0 Replies Latest reply on Jan 7, 2013 3:48 PM by lcompton

    Cert-Based Authentication Configuration - JBoss 7.1.1

      I'm trying to configure certificate-based authentication in a web application deployed in JBoss 7.1.1. I appear to have SSL configured correctly, but I'm having problems configuring my web application to authenticate. To verify authentication, I have a simple JSP that echoes the user name via the scriptlet snippet <%= request.getRemoteUser() %>. I've attached a number of related files to this posting and have a number of questions...

       

      • If I comment out the "security-constraint" section of "web.xml", access to "index.jsp" is granted, but the value returned by "getRemoteUser()" is null. I'm assuming this is incorrect behavior. Am I missing something in my configuration files? Do I need "jboss-web.xml"?
      • In order to associate roles with my users, I presumably need to add entries to "application-roles.properties". What key do I use for the entries, the user certificate DN? If so, how do I extract the DN from a PKCS12 file in a format that's compatible with "application-roles.properties"? I know that spaces and "=" signs need to be escaped, but I'm also concerned about the order of the subordinate key/value pairs in the DN.
      • I've seen references to a file named "defaultRoles.properties", but I can't find any examples of the file syntax or how to configure its use. In my case, I don't need fine-grained user-to-role mapping. Assigning a set of default roles to any user with a valid certificate would be fine. How do I configure "defaultRoles.properties"?

       

      Thanks for your help.

      Larry
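
An added example, not part of the original post and not JBoss code, for the escaping concern in the second bullet: it reads the subject DN from a PKCS12 file and lets java.util.Properties produce the escaped key for each standard rendering of the DN. It assumes the roles file is parsed as an ordinary Java properties file and does not establish which rendering the JBoss login module compares against; the class name DnRolesKey, the sample DN and the role name exampleRole are constructed.

```java
import java.io.FileInputStream;
import java.io.StringWriter;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Properties;
import javax.security.auth.x500.X500Principal;

// Hypothetical helper class, not part of JBoss.
public class DnRolesKey {

    // Read the subject of the first X.509 certificate entry in a PKCS12 file.
    static X500Principal subjectOf(String p12Path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        FileInputStream in = new FileInputStream(p12Path);
        try { ks.load(in, password); } finally { in.close(); }
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            java.security.cert.Certificate c = ks.getCertificate(e.nextElement());
            if (c instanceof X509Certificate) return ((X509Certificate) c).getSubjectX500Principal();
        }
        throw new IllegalArgumentException("no X.509 certificate in " + p12Path);
    }

    // Let java.util.Properties apply its own key escaping (spaces, '=', ':').
    static String propertiesLine(String key, String roles) throws Exception {
        Properties p = new Properties();
        p.setProperty(key, roles);
        StringWriter out = new StringWriter();
        p.store(out, null);                 // writes a '#' date comment, then the entry
        for (String line : out.toString().split("\r?\n")) {
            if (line.length() > 0 && !line.startsWith("#")) return line;
        }
        throw new IllegalStateException("no entry written");
    }

    public static void main(String[] args) throws Exception {
        // Usage: java DnRolesKey client.p12 password   (no args: constructed sample DN)
        X500Principal subject = args.length == 2
                ? subjectOf(args[0], args[1].toCharArray())
                : new X500Principal("CN=Test User, OU=Dev, O=Example Corp, C=US");
        String[] renderings = {
            subject.getName(X500Principal.RFC2253),  // no space after commas
            subject.getName(X500Principal.RFC1779),  // ", " between RDNs
            subject.toString()
        };
        for (String dn : renderings) System.out.println(propertiesLine(dn, "exampleRole"));
    }
}
```

The renderings of one subject differ as strings, so a roles entry built from one will not match a lookup that uses another.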